September 18, 2024
© 2024 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
Anomali Integration
With this release, we’ve extended the list of integrations with Anomali, the leading AI-powered security operations platform. The new integration is available in the following SOC Prime products to enrich cross-platform functionality:
TDM
Uncoder AI*
*Anomali can currently be selected as a target language.
Alternative Date Format for Sigma Rules
With this latest release, we’ve added support for an alternative date format for Sigma rules (YYYY-MM-DD, e.g., 2024-09-03) in addition to the existing date format YYYY/MM/DD. The alternative date format can now be displayed in the rule metadata and is supported by the Sigma parser. Users can now save Sigma rules using either date format in their private repos within the SOC Prime Platform.
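To illustrate what accepting both layouts means for a rule validator, here is an added example (not SOC Prime’s parser or any part of the Platform) that checks the date and modified fields of a Sigma rule in either YYYY-MM-DD or YYYY/MM/DD form. It assumes the rule has already been loaded from YAML into a dict; the sample rules below are constructed for the example. One caveat a practitioner will hit: a YAML loader such as PyYAML resolves an unquoted 2024-09-03 to a date object, while 2024/09/03 stays a string, so the validator accepts both value types.

```python
from datetime import date, datetime

# The two layouts accepted: YYYY-MM-DD (alternative) and YYYY/MM/DD (existing).
SIGMA_DATE_FORMATS = ("%Y-%m-%d", "%Y/%m/%d")


def parse_sigma_date(value):
    """Return a datetime.date for a Sigma date/modified value.

    Accepts a str in either supported layout, or a datetime.date (what a
    YAML loader produces for an unquoted YYYY-MM-DD value). Anything else
    raises ValueError so a malformed rule is rejected rather than saved.
    """
    if isinstance(value, date):
        return value
    if not isinstance(value, str):
        raise ValueError(f"Sigma date must be a string, got {type(value).__name__}")
    for fmt in SIGMA_DATE_FORMATS:
        try:
            return datetime.strptime(value.strip(), fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unsupported Sigma date format: {value!r}")


def validate_rule_dates(rule):
    """Validate the optional date/modified keys of a loaded Sigma rule.

    Returns {field: ISO-8601 string} for the fields present; raises
    ValueError if a value is malformed or 'modified' precedes 'date'.
    """
    parsed = {}
    for field in ("date", "modified"):
        if field in rule:
            parsed[field] = parse_sigma_date(rule[field])
    if "date" in parsed and "modified" in parsed and parsed["modified"] < parsed["date"]:
        raise ValueError("'modified' is earlier than 'date'")
    return {field: value.isoformat() for field, value in parsed.items()}


def check_sample_rules():
    """Run the validator over constructed sample rules (hypothetical titles).

    Returns {title: result}, where result is the validated date dict or the
    error message for rules that should be rejected.
    """
    samples = [
        {"title": "Alt format (string)", "date": "2024-09-03"},
        {"title": "Existing format", "date": "2024/09/03", "modified": "2024/09/10"},
        {"title": "Alt format (YAML date object)", "date": date(2024, 9, 3)},
        {"title": "Day-first layout", "date": "03-09-2024"},
        {"title": "Modified before date", "date": "2024-09-10", "modified": "2024-09-03"},
    ]
    results = {}
    for rule in samples:
        try:
            results[rule["title"]] = validate_rule_dates(rule)
        except ValueError as exc:
            results[rule["title"]] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for title, result in check_sample_rules().items():
        print(f"{title}: {result}")
```

Normalising every accepted value to ISO-8601 on the way out means downstream code (repo metadata, sorting by modification date) sees one representation regardless of which layout the author wrote.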
Company Website Updates
Advanced Threat Detection Landing Page
We released a new landing page describing the Advanced Threat Detection use case of the SOC Prime Platform, with the corresponding changes reflected in the website navigation.
Integrations Landing Page Update
We have updated the Integrations landing page under the Resources tab to properly highlight all supported technologies within the SOC Prime Platform.
Performance Improvements
We’ve enhanced the website loading speed (for both desktop and mobile versions) by optimizing plugin functionality and improving Core Web Vitals metrics for better performance and user experience.
TDM
Synchronization with New Sigma Rules Repositories
With the latest release, we have expanded the list of Sigma rule repositories in sync with Threat Detection Marketplace (TDM). In total, we currently support 9 GitHub repositories, providing users with access to the most relevant community-sourced detection content*.
To access the community-sourced Sigma rules, TDM users need to select Community repo from the Platform Repo dropdown list.
*Please note that the SigmaHQ content is stored in its own separate SigmaHQ repo (not in Community).
Improved Validation of User-Owned Entities
With this latest release, we have enhanced the validation process for newly created Content Lists and other user-generated entities within the Platform. As part of this improvement, we have restricted the use of some special characters in entity names to ensure better validation and consistency.
Improved Jobs Update Tracking
With this release, we have improved User ID tracking for changes made to Jobs. This ensures that only users with the appropriate role permissions can enable or modify Jobs, preventing unauthorized actions by those without the required access rights.
Uncoder AI
EQL to Lucene Translation Support
With this SOC Prime Platform release, we’ve added the ability to select Elastic Stack EQL as a source language format in Uncoder AI and translate it to Lucene, along with the other supported formats.
Custom Repository Field Behavior Improvements
We’ve improved the custom repository behavior to enhance the use case management experience. With this release, an Uncoder AI customer who has switched to creating a custom repository no longer loses content when they return to Uncoder and refresh the page to update the dropdown list of available repositories.
When the Save to dropdown is opened while saving content in Uncoder AI, the list of available repositories in the dropdown now updates automatically.
If the user has no available custom repository, instead of the Create Repository button, they can now see the Save to dropdown with the following options:
Add Repository — which opens the Repositories page in a new tab
Select Repository — a default option which serves as a placeholder
Ability to Save a Microsoft Sentinel Rule as JSON
We’ve added the ability to save a created Microsoft Sentinel Rule in JSON format so that customers can import it into Analytics and save it there as a Rule (available for the following language formats):
ala-rule
ala-rule-mdatp
Key Bug Fixes & Improvements
Resolved the GitHub synchronization issue by removing rules that had been moved
Resolved the markdown rendering issue in the description on the Intelligence tab of the TDM content item page
Fixed the issue with Sigma rule translation into Microsoft Sentinel where a Sigma aggregation parser error was displayed
Renamed the “Smoking Guns” content sorting option to “Top-Rated Alerts” on the Overview & Search pages in TDM
Resolved the data parsing issue where media references to GitHub were not added to the content item timeline
Resolved the issue where the wrong user was displayed in the Action by column on the History page when the Inventory Job had been launched by another user
Added three new user event logs on the Inventory page:
Enabled Inventory — when the Off/On Inventory switch is enabled
Disabled Inventory — when the Off/On Inventory switch is disabled
Ran Inventory manually — when clicking the “Run Inventory Now” icon and confirming the action in the pop-up that follows (shown if the Inventory has already been run recently)
Improved the behavior of the Change Password page so that the Password Requirements pop-up accurately reflects which requirements are met while a new password is being entered
Removed Repo filters when the user creates and saves a static Content List
Fixed the header display issue on the Attack Detective starting page (Limitation Screen)
Fixed the typo in the Timeline section of the rule’s Intelligence page, replacing “THREATINTE” with “THREATINTEL”
